Data Security

How Galaxy protects your data.

When you work with Galaxy, you're sharing access to your Amazon business. We take that responsibility seriously. This page explains the technical and operational practices we follow to protect your account and data at every stage of the engagement.

Access Control
Galaxy operates on a least-privilege model. Team members are granted only the level of Seller Central access required for their specific role. No one holds broader permissions than their work requires.
Multi-Factor Authentication
All Galaxy team members are required to use multi-factor authentication (MFA) on every platform where client data is accessible, including Amazon Seller Central, internal dashboards, and communication tools.
Credential Management
Login credentials are never shared via email, chat, or any unsecured channel. Access to client accounts is managed through Amazon's official user permission system - not shared passwords.
Offboarding Process
When an engagement ends, Galaxy removes all team permissions from your Seller Central account within 24 hours. Access is fully revoked before the final handover is complete.
Data Retention
Client data - including reports, dashboards, and account files - is retained only for the duration of the engagement plus 30 days. Upon written request, client data is permanently deleted from all Galaxy systems.
Incident Response
In the event of a suspected data breach or security incident, Galaxy's protocol is to notify the affected client within 24 hours, contain the issue immediately, and provide a written incident report within 72 hours.
Our commitments to you
  • Your account data is never sold, shared, or used for any purpose outside of managing your Amazon account.
  • Galaxy team members only access the specific areas of Seller Central required for their assigned tasks.
  • Third-party tools used in your account management are disclosed to you before use and operate under their own data protection policies.
  • All internal reporting and dashboards built from your account data are accessible only to your assigned team and Galaxy leadership.
  • You can request a full list of team members with access to your account at any time.

If you have questions about Galaxy's data security practices, or would like to request a data deletion, please contact us directly at contact@galaxygrowthpartners.com. We aim to respond to all data-related requests within 2 business days.

Last updated: May 2025